CVE-2017-9797

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Geode
Vendor: CVE Published:; 29 September 2017

Summary

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.

Affected Version(s)

Apache Geode 1.0.0

Apache Geode 1.1.0

Apache Geode 1.1.1

References

http://mail-archives.apache.org/mod_mbox/geode-user/20170...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2017
Vulnerability Reserved
Jun 21, 2017